diff options
author | Tharanga Gamaethige <tgamaethige@netflix.com> | 2018-11-30 17:44:33 -0800 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2019-04-15 21:36:18 -0700 |
commit | ee1cfe3bf9384d1a93545fc942e25bed6437d910 (patch) | |
tree | 2e880ddd3d263b85f2cf6de73b8eb15d14d02e37 /configure.ac | |
parent | d2dcfff7edd28baf3587ab103d6fbac322335a68 (diff) | |
download | memcached-ee1cfe3bf9384d1a93545fc942e25bed6437d910.tar.gz |
Basic implementation of TLS for memcached.1.5.13
Most of the work done by Tharanga. Some commits squashed in by
dormando. Also reviewed by dormando.
Tested, working, but experimental implementation of TLS for memcached.
Enable with ./configure --enable-tls
Requires OpenSSL 1.1.0 or better.
See `memcached -h` output for usage.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index abcb8ae..93046dc 100644 --- a/configure.ac +++ b/configure.ac @@ -100,6 +100,8 @@ AC_ARG_ENABLE(sasl_pwdb, AS_IF([test "x$enable_sasl_pwdb" = "xyes"], [enable_sasl=yes ]) +AC_ARG_ENABLE(tls, + [AS_HELP_STRING([--enable-tls], [Enable Transport Layer Security EXPERIMENTAL ])]) dnl ********************************************************************** @@ -190,6 +192,10 @@ if test "x$enable_extstore" = "xyes"; then AC_DEFINE([EXTSTORE],1,[Set to nonzero if you want to enable extstore]) fi +if test "x$enable_tls" = "xyes"; then + AC_DEFINE([TLS],1,[Set to nonzero if you want to enable TLS]) +fi + if test "x$enable_arm_crc32" = "xyes"; then AC_DEFINE([ARM_CRC32],1,[Set to nonzero if you want to enable ARMv8 crc32]) fi @@ -199,6 +205,8 @@ AM_CONDITIONAL([DTRACE_INSTRUMENT_OBJ],[test "$dtrace_instrument_obj" = "yes"]) AM_CONDITIONAL([ENABLE_SASL],[test "$enable_sasl" = "yes"]) AM_CONDITIONAL([ENABLE_EXTSTORE],[test "$enable_extstore" = "yes"]) AM_CONDITIONAL([ENABLE_ARM_CRC32],[test "$enable_arm_crc32" = "yes"]) +AM_CONDITIONAL([ENABLE_TLS],[test "$enable_tls" = "yes"]) + AC_SUBST(DTRACE) AC_SUBST(DTRACEFLAGS) @@ -354,6 +362,95 @@ if test $ac_cv_libevent_dir != "(system)"; then fi fi +trylibssldir="" +AC_ARG_WITH(libssl, + [ --with-libssl=PATH Specify path to libssl installation ], + [ + if test "x$withval" != "xno" ; then + trylibssldir=$withval + fi + ] +) + +dnl ---------------------------------------------------------------------------- +dnl libssl detection. swiped from libevent. modified for openssl detection. + +OPENSSL_URL=https://www.openssl.org/ +if test "x$enable_tls" = "xyes"; then + AC_CACHE_CHECK([for libssl directory], ac_cv_libssl_dir, [ + saved_LIBS="$LIBS" + saved_LDFLAGS="$LDFLAGS" + saved_CPPFLAGS="$CPPFLAGS" + le_found=no + for ledir in $trylibssldir "" $prefix /usr/local ; do + LDFLAGS="$saved_LDFLAGS" + LIBS="-lssl -lcrypto $saved_LIBS" + + # Skip the directory if it isn't there. + if test ! -z "$ledir" -a ! -d "$ledir" ; then + continue; + fi + if test ! -z "$ledir" ; then + if test -d "$ledir/lib" ; then + LDFLAGS="-L$ledir/lib $LDFLAGS" + else + LDFLAGS="-L$ledir $LDFLAGS" + fi + if test -d "$ledir/include" ; then + CPPFLAGS="-I$ledir/include $CPPFLAGS" + else + CPPFLAGS="-I$ledir $CPPFLAGS" + fi + fi + # Can I compile and link it? + AC_TRY_LINK([#include <sys/time.h> + #include <sys/types.h> + #include <assert.h> + #include <openssl/ssl.h>], [ SSL_CTX* ssl_ctx = SSL_CTX_new(TLS_server_method()); + assert(OPENSSL_VERSION_NUMBER >= 0x10100000L);], + [ libssl_linked=yes ], [ libssl_linked=no ]) + if test $libssl_linked = yes; then + if test ! -z "$ledir" ; then + ac_cv_libssl_dir=$ledir + _myos=`echo $target_os | cut -f 1 -d .` + AS_IF(test "$SUNCC" = "yes" -o "x$_myos" = "xsolaris2", + [saved_LDFLAGS="$saved_LDFLAGS -Wl,-R$ledir/lib"], + [AS_IF(test "$GCC" = "yes", + [saved_LDFLAGS="$saved_LDFLAGS -Wl,-rpath,$ledir/lib"])]) + else + ac_cv_libssl_dir="(system)" + fi + le_found=yes + break + fi + done + LIBS="$saved_LIBS" + LDFLAGS="$saved_LDFLAGS" + CPPFLAGS="$saved_CPPFLAGS" + if test $le_found = no ; then + AC_MSG_ERROR([libssl (at least version 1.1.0) is required. You can get it from $OPENSSL_URL + + If it's already installed, specify its path using --with-libssl=/dir/ + ]) + fi + ]) + LIBS="-lssl -lcrypto $LIBS" + if test $ac_cv_libssl_dir != "(system)"; then + if test -d "$ac_cv_libssl_dir/lib" ; then + LDFLAGS="-L$ac_cv_libssl_dir/lib $LDFLAGS" + le_libdir="$ac_cv_libssl_dir/lib" + else + LDFLAGS="-L$ac_cv_libssl_dir $LDFLAGS" + le_libdir="$ac_cv_libssl_dir" + fi + if test -d "$ac_cv_libssl_dir/include" ; then + CPPFLAGS="-I$ac_cv_libssl_dir/include $CPPFLAGS" + else + CPPFLAGS="-I$ac_cv_libssl_dir $CPPFLAGS" + fi + fi +fi + dnl ---------------------------------------------------------------------------- AC_SEARCH_LIBS(umem_cache_create, umem) |